NSA Deploys Botnet Armies, Spoofs Facebook

The size of the net the NSA has cast in its efforts to combat terrorism is large enough to be surprising -- if not shocking -- even to those who've become accustomed to hearing about the agency's many and various data-trawling tactics. The NSA's Turbine program reportedly has delivered malware to as many as 100,000 computers and networks, and has the capability of infecting millions.

By Richard Adhikari
Mar 13, 2014 3:46 PM PT

The
latest Snowden revelations about NSA surveillance activities indicate the agency could infect millons of computers with malware, and has spoofed Facebook servers to capture traffic from targets. Documents previously leaked by NSA whistleblower Edward Snowden include detailed descriptions of its tools and techniques, First Look reported.

"It is not surprising that the NSA would create and deploy malware," Harley Geiger, senior counsel at the Center for Democracy and Technology, told TechNewsWorld. "What is surprising is the evidence the NSA is prepared to do so on a scale that could affect millions of computers."

Hacking and surveillance operations should be used "on specific targets with minimal impact on innocent parties, not on a massive scale," Geiger said.

Dirty Deeds Done Dirt Cheap

The covert infrastructure that supports the hacking program operates from NSA headquarters in Ft. Meade, Md., and from NSA bases in the UK and Japan. British intelligence agency GCHQ apparently was deeply involved in developing the malware deployment tactic.

In some instances, the NSA set up fake Facebook servers; in others it spammed victims with poisoned emails whose payload could record audio from the target computers' mikes and take photos with its webcam. The NSA also can launch cyberattacks by corrupting and disrupting file downloads or denying access to websites, according to the First Look report.

The program, launched in 2004, apparently was aimed initially at about 150 targets, but over the past decade, the NSA developed an automated system codenamed "Turbine" that extends its reach to millions of victims.

Turbine reportedly was developed as part of the NSA's
Tailored Access Operations unit's work. It would enable the agency to attack millions of targets through computer network exploitation malware, which scarfs up intelligence from target computers and networks; and computer network attack malware, which disrupts, damages or destroys targets.

Turbine has been operational since at least July 2010, according to the report. The NSA deployed up to 100,000 malware implants against computers and networks worldwide and planned to continue doing so. Turbine is part of a broader NSA initiative named "Owning the Net" for which the agency sought nearly $68 million in funds last year.

The NSA reportedly also has malware that can circumvent privacy tools because it accesses computers before they are protected with encryption, and it can track VoIP calls made using Skype and other systems.

The usefulness of NSA's email spam program has diminished over the years as people become more wary of opening unsolicited emails, so the agency is turning to man-in-the-middle tactics, the First Look report indicates.

Reaching for the Stars

"That said, the apparent overreach by the U.S. government highlighted by stories [such as the one about Turbine] is making their mission more difficult," Bonnell pointed out.

It is not clear how effective this massive surveillance program has been so far.

"This may be a matter of some dispute, just like there continues to be debate over whether the bulk collection of telephone metadata provides useful intelligence," the CDT's Geiger said.

The Impact on the NSA

This latest report, coming shortly after Sen. Diane Feinstein, D-Calif., accused the CIA of breaking the law and breaching constitutional principles, could further heighten congressional and public mistrust of the NSA and other intelligence agencies. Feinstein, who chairs the United States Senate Intelligence Committee, has accused the CIA of sabotaging the committee's investigation into the use of waterboarding over several years.

The latest Snowden revelations also cast a shadow over congressional testimony given on Wednesday by General Keith Alexander, head of the military's newly created Cyber Command, that he is setting up 13 teams to launch cyberattacks on foreign nations in retaliation for similar attacks against the U.S.

"This and other reports have definitely thrown into question whether the NSA has the moral high ground in efforts to secure the Internet," Geiger pointed out. "If other countries decide to deploy malware en masse, it will be much harder for the U.S. to cry foul."

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on
Google+.